If you've never done reverse engineering, you might want to stay away from this, but don't fret as there are offsets at the bottom if you want to use them in your trainer.
Please note that this tutorial is for SP; however, MP should be pretty similar. Also, I am using an older version of OllyDBG; newer versions are still similar but may have different names for things.
Load up iw5sp.exe with OllyDBG. Right-click in the CPU Window and click Search for -> All referenced text strings.
Right-click in the new window and click Search for text. Type in CG_FireWeapon and ensure that Entire scope is checked.
It should highlight one of the lines which look like this:
Double-click on the line or just hit the Enter key. You should now be in the CPU Window however you are on the instruction where the string was referenced.
Keep scrolling down until you see the following (look for ADD EDI, xxxxx, note that in MP, you're looking for ADD ESI, xxxxx):
Now, if you notice, you can see a conditional jump, that is the JE right before it. It will only jump if the zero flag (ZF) is 1. The CMP instruction before the JE compares the 2 values and sets ZF to 1 when they match. There are a few ways to patch it, we could NOP out the CMP instruction and the JE instruction, edit the CMP instruction, or we could be smart about it and only have to patch 1 byte.
The smart way would be to turn the JE instruction into a JMP which means that it will always jump over the code no matter what. Now, if we try double clicking on the instruction and typing in JMP instead of JE like this:
We can click Assemble and close the window and see that the only byte modified was the 0x74 byte, which is now 0xEB.
Now notice the address on the left of the modification, that means all we have to do is write 0xEB to 0x40976A to bypass the recoil functions!
******* Updated Addresses *******
1.5.388:
So we are writing 0xEB (byte) to 0x40976A.
For multiplayer you write the same thing to 0x54946D. I haven't tested it but I'm pretty sure it should work, note you could get VAC banned for trying on MP.
Enjoy guys, have fun. Big thanks to @Hell_Demon for the original tutorial for MW2.
- master131
Last edited by master131; 04-24-2012 at 07:27 PM.
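The one-byte change the post above describes (a short JE, opcode 0x74, turned into a short JMP, 0xEB) is the kind of edit a code-integrity check looks for. The following is an added example, not part of the original post or the game's code: it compares a trusted copy of a code region with the live bytes and classifies each difference. The sample bytes are constructed for illustration, and the byte-wise classification is a heuristic that assumes the differing byte is an opcode rather than an operand.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Kinds of single-byte change the check reports. */
enum patch_kind { PATCH_NONE = 0, PATCH_JCC_TO_JMP, PATCH_NOP, PATCH_OTHER };

/* Short conditional jumps are 0x70..0x7F (JE is 0x74), JMP rel8 is 0xEB,
 * NOP is 0x90. Heuristic: no disassembly, so an operand byte with one of
 * these values would be classified the same way. */
static enum patch_kind classify(uint8_t orig, uint8_t cur) {
    if (orig == cur) return PATCH_NONE;
    if (orig >= 0x70 && orig <= 0x7F && cur == 0xEB) return PATCH_JCC_TO_JMP;
    if (cur == 0x90) return PATCH_NOP;
    return PATCH_OTHER;
}

/* Compare a trusted copy of a code region (for example, read from the
 * signed file on disk) with the bytes currently in memory. Returns the
 * number of differing bytes and records the first difference. */
size_t scan_code(const uint8_t *trusted, const uint8_t *live, size_t len,
                 size_t *first_off, enum patch_kind *first_kind) {
    size_t diffs = 0;
    for (size_t i = 0; i < len; i++) {
        enum patch_kind k = classify(trusted[i], live[i]);
        if (k == PATCH_NONE) continue;
        if (diffs++ == 0) { *first_off = i; *first_kind = k; }
    }
    return diffs;
}

/* Constructed sample, not the game's real bytes:
 * CMP EAX,ECX / JE +6 / ADD EDI,0x10 / RET */
static const uint8_t SAMPLE_TRUSTED[] =
    {0x3B,0xC1, 0x74,0x06, 0x81,0xC7,0x10,0x00,0x00,0x00, 0xC3};
/* Same region with the JE opcode replaced by JMP rel8. */
static const uint8_t SAMPLE_PATCHED[] =
    {0x3B,0xC1, 0xEB,0x06, 0x81,0xC7,0x10,0x00,0x00,0x00, 0xC3};

int main(void) {
    size_t off = 0;
    enum patch_kind kind = PATCH_NONE;
    size_t n = scan_code(SAMPLE_TRUSTED, SAMPLE_PATCHED,
                         sizeof SAMPLE_TRUSTED, &off, &kind);
    printf("%zu modified byte(s), first at offset %zu, kind %d\n",
           n, off, (int)kind);
    return 0;
}
```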
Nice remake, hopefully it will help some guys to get into ASM. For that, it would be great to explain what happens in the ASM behind it.
Nice, so those were the lines I had to NOP.
(I did this but I NOPed the wrong values. I also NOPed the 3 lines above and the game crashed when I changed wep.)
@master131
And thanks for showing that it was possible to do this.
Now you made me want to look and learn how ASM is working and whatsoever it does.
Thanks @master131
I was looking for this again
since I forgot how to do it
because, it is different in black ops
I love it when people keep their agreements /sarcasm ftw
/updated addresses
Enjoy. :3
/updated for 1.5.387
Is it me or when you apply the no recoil the game crashes during loadings?
Is it possible to remove weapon flinch when hit or weapon sway in the same way?
/updated tutorial
This one only requires 1 byte patch and does not crash on SP/Spec Ops.
Just for the info, the recoil and spread can fully be taken away by editing the local weapon structs (SP).
In MP this will only be visual.
I can't search in OllyDbg.